Added update employee password module

- Updated Employee details
- Added summary comments on Accounts Feature

Author: jioo

WebApi/Features/Accounts/AccountsController.cs

@@ -7,7 +7,7 @@
 
 namespace WebApi.Features.Accounts
 {
-    [Authorize(Roles = "Admin")]
+    [Authorize]
     [Route("api/[controller]"), ApiController]
     public class AccountsController : ControllerBase
     {
@@ -19,6 +19,7 @@ public AccountsController(IMediator mediator)
         }
 
         // POST: api/accounts/register
+        [Authorize(Roles = "Admin")]
         [HttpPost("register")]
         public async Task<IActionResult> Register(RegisterViewModel viewModel)
         {
@@ -36,16 +37,28 @@ public async Task<IActionResult> Register(RegisterViewModel viewModel)
             return new CreatedResult("", employeeInfo);
         }
 
-        [Authorize]
+        // PUT: api/accounts/update-password
+        [Authorize(Roles = "Admin")]
+        [HttpPut("update-password")]
+        public async Task<IActionResult> UpdatePassword(ChangePasswordViewModel viewModel)
+        {
+            // Change a specific Employee account's password
+            var result = await _mediator.Send(new UpdatePassword.Command(viewModel));
+            if(!result) return StatusCode(500);
+
+            return Ok();
+        }
+        
+        // PUT: api/accounts/change-password
         [HttpPut("change-password")]
-        public async Task<IActionResult> ChangePassword(UpdatePasswordViewModel viewModel)
+        public async Task<IActionResult> ChangePassword(ChangePasswordViewModel viewModel)
         {
             // Check if Old password is correct
             var validatePassword = await _mediator.Send(new Auth.ValidatePassword.Query(viewModel.UserName, viewModel.OldPassword));
             if (!validatePassword) return BadRequest("Incorrect password");
 
             // Change account password
-            var result = await _mediator.Send(new UpdatePassword.Command(viewModel));
+            var result = await _mediator.Send(new ChangePassword.Command(viewModel));
             if(!result.Succeeded) return BadRequest("Unable to change password");
 
             return Ok();

WebApi/Features/Accounts/ChangePassword.cs

@@ -0,0 +1,64 @@
+using System;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using MediatR;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
+using WebApi.Entities;
+
+namespace WebApi.Features.Accounts
+{
+    /// <summary>
+    /// Change account password
+    /// </summary>
+    public class ChangePassword
+    {
+        public class Command : IRequest<IdentityResult>
+        {
+            public Command(ChangePasswordViewModel viewModel)
+            {
+                ViewModel = viewModel;
+            }
+
+            public ChangePasswordViewModel ViewModel { get; }
+        }
+
+        public class CommandHandler : IRequestHandler<Command, IdentityResult>
+        {
+            private readonly UserManager<User> _manager;
+            private readonly IHttpContextAccessor _httpContext;
+
+            public CommandHandler(UserManager<User> manager, IHttpContextAccessor httpContext)
+            {
+                _manager = manager;
+                _httpContext = httpContext;
+            }
+
+            public async Task<IdentityResult> Handle(Command request, CancellationToken cancellationToken)
+            {
+                try
+                {
+                    // Get the username in sub type claim
+                    var username = _httpContext.HttpContext.User.Claims
+                        .First(m => m.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")
+                        .Value;
+
+                    // Get account details
+                    var user = await _manager.FindByNameAsync(username);
+
+                    // Change account password then return result
+                    return await _manager.ChangePasswordAsync(
+                        user, 
+                        request.ViewModel.OldPassword, 
+                        request.ViewModel.NewPassword);
+                }
+                catch (Exception e)
+                {
+                    Console.WriteLine(e);
+                    throw;
+                }
+            }
+        }
+    }
+}

…ures/Accounts/UpdatePasswordViewModel.cs …ures/Accounts/ChangePasswordViewModel.csWebApi/Features/Accounts/UpdatePasswordViewModel.cs renamed to WebApi/Features/Accounts/ChangePasswordViewModel.cs WebApi/Features/Accounts/UpdatePasswordViewModel.cs renamed to WebApi/Features/Accounts/ChangePasswordViewModel.cs

@@ -1,6 +1,6 @@
 namespace WebApi.Features.Accounts
 {
-    public class UpdatePasswordViewModel 
+    public class ChangePasswordViewModel 
     {
         public string UserName { get; set; }
         public string OldPassword { get; set; }

WebApi/Features/Accounts/Register.cs

@@ -9,6 +9,9 @@
 
 namespace WebApi.Features.Accounts
 {
+    /// <summary>
+    /// Create employee account
+    /// </summary>
     public class Register
     {
         public class Command : IRequest<EmployeeViewModel>

WebApi/Features/Accounts/UpdatePassword.cs

@@ -1,3 +1,4 @@
+
 using System;
 using System.Threading;
 using System.Threading.Tasks;
@@ -7,19 +8,22 @@
 
 namespace WebApi.Features.Accounts
 {
+    /// <summary>
+    /// Change a specific Employee account's password
+    /// </summary>
     public class UpdatePassword
     {
-        public class Command : IRequest<IdentityResult>
+        public class Command : IRequest<bool>
         {
-            public Command(UpdatePasswordViewModel viewModel)
+            public Command(ChangePasswordViewModel viewModel)
             {
                 ViewModel = viewModel;
             }
 
-            public UpdatePasswordViewModel ViewModel { get; }
+            public ChangePasswordViewModel ViewModel { get; }
         }
 
-        public class CommandHandler : IRequestHandler<Command, IdentityResult>
+        public class CommandHandler : IRequestHandler<Command, bool>
         {
             private readonly UserManager<User> _manager;
 
@@ -28,18 +32,20 @@ public CommandHandler(UserManager<User> manager)
                 _manager = manager;
             }
 
-            public async Task<IdentityResult> Handle(Command request, CancellationToken cancellationToken)
+            public async Task<bool> Handle(Command request, CancellationToken cancellationToken)
             {
                 try
                 {
                     // Get account details
                     var user = await _manager.FindByNameAsync(request.ViewModel.UserName);
 
-                    // Change account password then return result
-                    return await _manager.ChangePasswordAsync(
-                        user, 
-                        request.ViewModel.OldPassword, 
-                        request.ViewModel.NewPassword);
+                    // Remove the existing password
+                    await _manager.RemovePasswordAsync(user);
+
+                    // Add the new password
+                    var result = await _manager.AddPasswordAsync(user, request.ViewModel.NewPassword);
+
+                    return (result.Succeeded) ? true : false;
                 }
                 catch (Exception e)
                 {

WebApi/Features/Auth/AuthController.cs

@@ -49,7 +49,7 @@ public IActionResult ChallengeAuth(string role)
                 var validateRole = _httpContext.HttpContext.User.IsInRole(role);
                 if(!validateRole)
                 {
-                    return Unauthorized();
+                    return Forbid();
                 }
             }
 

WebApi/Features/Employees/Details.cs

@@ -4,6 +4,7 @@
 using System.Threading.Tasks;
 using AutoMapper;
 using MediatR;
+using Microsoft.EntityFrameworkCore;
 using WebApi.Infrastructure;
 
 namespace WebApi.Features.Employees
@@ -45,7 +46,9 @@ public async Task<EmployeeViewModel> Handle(Query request, CancellationToken can
                 try
                 {
                     // Find employee, get the Id param from Query
-                    var model =  await _context.Employees.FindAsync(request.Id);
+                    var model =  await _context.Employees
+                        .Include(m => m.Identity)
+                        .FirstAsync(m => m.Id == request.Id);
 
                     // Map model to view model
                     return _mapper.Map<EmployeeViewModel>(model);

WebApi/Features/Logs/List.cs

@@ -61,8 +61,6 @@ public async Task<Object> Handle(Query request, CancellationToken cancellationTo
                     var isEmployee = _httpContext.HttpContext.User.IsInRole("Employee");
                     if (isEmployee) 
                     {
-                        // var username = _httpContext.HttpContext.User.FindFirst("sub");
-                        
                         // Get the username in sub type claim
                         var username = _httpContext.HttpContext.User.Claims
                             .First(m => m.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")